The InQuest Insider
SEPTEMBER EDITION
September 21, 2018
Tools and Tips
Our Patented Deep File Inspection (DFI)

Deep File Inspection, or DFI, is the reassembly of packets captured off the wire into application-level content that is then reconstructed, unraveled, and dissected (decompressed, decoded, decrypted, deobfuscated) in an automated fashion.

This allows heuristic analysis of the file contents (containers, objects, etc.) as an artifact, so that intent can be determined more accurately.

Click below to learn more about how we deal with DFI at InQuest.

Latest InQuest Blog Posts
Threat Hunting IQY files with YARA
Adam Swanda / 2018-08-23

The goal of threat hunting is to proactively identify potential threats that have evaded existing security measures. Over the past several months, the use of malicious Excel IQY files to deliver malware has been exactly this kind of blind spot for many organizations and users.

Omnibus: Automating OSINT Collection
Adam Swanda / 2018-08-16

Open Source Intelligence (OSINT) is data collected from publicly available sources that is meant to be used in the context of intelligence. A great deal of data, combined with analysis by trained professionals, can be turned into actionable intelligence.

Malicious HFS Instances Serving Gh0stRAT
Adam Swanda / 2018-07-09

HTTP File Server, commonly abbreviated as HFS, is a free and simple means to send and receive files across the Internet. An investigation into an HFS instance hosting an exploit for CVE-2018-8174 led to the discovery of an interesting threat actor and their infrastructure.

InQuest Labs Research Spotlight
python-sandboxapi
GitHub
A minimal, consistent API for building integrations with malware sandboxes.
awesome-yara
GitHub
A curated list of awesome YARA rules, tools, and people.
yara-rules
GitHub
A collection of open source YARA rules for exploits and other threats.
Global Security Events
Microsoft Office macro infection trends
@Cofense

A report by Cofense looks at the widespread use of malicious Office macros, which account for 45% of all malware delivery mechanisms analyzed by the company.

Cobalt Group activity discovered by ProofPoint
@ProofPoint

A new campaign by the threat actor Cobalt Group leverages multiple exploits in phishing emails, including CVE-2017-1182, CVE-2017-8570, and CVE-2018-08082, to deliver the modular "CobInt" downloader.

Unique Turla APT group backdoor
@welivesecurity

A very interesting report on the campaign and on the backdoor it used, which leverages Outlook and specially crafted PDFs for C&C communications and data exfiltration.

Useful Links
InQuest Insider - Your monthly resource for the latest in cybersecurity news, trends, tips and tools. Subscribe here: http://eepurl.com/dHNeKL
Copyright © InQuest 2018